Pass the Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10.0 exam: recently updated GoShiken question set with a fastest-pass guarantee! [Q87-Q104]

The best GoShiken exam questions: 150 questions for passing the PCNSE exam

Question 87
Which three options are supported in HA Lite? (Choose three.)

  • A. Synchronization of IPsec security associations
  • B. Configuration synchronization
  • C. Active/passive deployment
  • D. Virtual link
  • E. Session synchronization

Correct answer: A,B,C

Question 88
A standalone firewall with local objects and policies needs to be migrated into Panoram

  • A. Use the "import device configuration to Panorama" operation, then "export or push device config bundle" to push the configuration
  • B. Use the "import Panorama configuration snapshot" operation, then perform a device-group commit push with "include device and network templates"
  • C. Use the "import device configuration to Panorama" operation, then perform a device-group commit push with "include device and network templates"
  • D. What procedure should you use so Panorama is fully managing the firewall?
  • E. Use the "import Panorama configuration snapshot" operation, then "export or push device config bundle" to push the configuration

Correct answer: B

Explanation:
https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-to-panorama-management.html

Question 89
An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are from external users accessing the company's proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats.
Which option would achieve this result?

  • A. Create a custom App-ID and use the "ordered conditions" check box.
  • B. Create an Application Override policy and custom threat signature for the application.
  • C. Create an Application Override policy.
  • D. Create a custom App-ID and enable scanning on the advanced tab.

Correct answer: D

Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK

Question 90
Which Panorama objects restrict administrative access to specific device-groups?

  • A. admin roles
  • B. access domains
  • C. authentication profiles
  • D. templates

Correct answer: B

Explanation:
Access domains control administrative access to specific Device Groups and templates, and also control the ability to switch context to the web interface of managed firewalls. https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/panorama-overview/role-based-access-control/access-domains.html


Question 91
An administrator allocates bandwidth to a Prisma Access Remote Networks compute location with three remote networks.
What is the minimum amount of bandwidth the administrator could configure at the compute location?

  • A. 75 Mbps
  • B. 50 Mbps
  • C. 300 Mbps
  • D. 90 Mbps

Correct answer: B

Explanation:
The number you specify for the bandwidth applies to both the egress and ingress traffic for the remote network connection. If you specify a bandwidth of 50 Mbps, Prisma Access provides you with a remote network connection with 50 Mbps of bandwidth on ingress and 50 Mbps on egress.
Your bandwidth speeds can go up to 10% over the specified amount without traffic being dropped; for a 50 Mbps connection, the maximum bandwidth allocation is 55 Mbps on ingress and 55 Mbps on egress (50 Mbps plus 10% overage allocation).
https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-for-networks/how-to-calculate-network-bandwidth

Question 92
An administrator has configured a QoS policy rule and a QoS profile that limits the maximum allowable bandwidth for the YouTube application. However, YouTube is consuming more than the maximum bandwidth allotment configured.
Which configuration step needs to be configured to enable QoS?

  • A. Enable QoS monitor
  • B. Enable QoS Data Filtering Profile
  • C. Enable QoS interface
  • D. Enable QoS in the interface Management Profile.

Correct answer: C

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/network/network-qos/qos-interface-settings#
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/quality-of-service/configure-qos.html
QoS implementation on a Palo Alto Networks firewall begins with three primary configuration components that support a full QoS solution: a QoS policy, a QoS Profile, and configuration of the QoS egress interface.


Question 93
Which steps should an engineer take to forward system logs to email?

  • A. Create a new email profile under Device > Server Profiles; then navigate to Objects > Log Forwarding profile > set log type to system and then add the email profile.
  • B. Create a new email profile under Device > Server Profiles; then navigate to Device > Log Settings > System and add the email profile under email.
  • C. Enable log forwarding under the email profile in the Device tab.
  • D. Enable log forwarding under the email profile in the Objects tab.

Correct answer: B

Question 94
In an enterprise deployment, a network security engineer wants to assign rights to a group of administrators without creating local administrator accounts on the firewall.
Which authentication method must be used?

  • A. LDAP
  • B. Kerberos
  • C. RADIUS with Vendor-Specific Attributes
  • D. Certificate-based authentication

Correct answer: D

Explanation:
As a more secure alternative to password-based authentication to the Panorama web interface, you can configure certificate-based authentication for administrator accounts that are local to Panorama. Certificate-based authentication involves the exchange and verification of a digital signature instead of a password.
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/set-up-panorama/configure-a-panorama-administrator-with-certificate-based-authentication-for-the-web-interface

Question 95
A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet 1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured.
What can be the cause of this problem?

  • A. No Zone has been configured on Ethernet 1/4.
  • B. DNS has not been properly configured on the host.
  • C. Interface Ethernet 1/1 is in Virtual Wire Mode.
  • D. DNS has not been properly configured on the firewall.

Correct answer: A

Question 96
The firewall identifies a popular application as unknown-tcp.
Which two options are available to identify the application? (Choose two.)

  • A. Create a Security policy to identify the custom application.
  • B. Create a custom object for the custom application server to identify the custom application.
  • C. Create a custom application.
  • D. Submit an App-ID request to Palo Alto Networks.

Correct answer: C,D

Explanation:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/app-id/use-application-objects-in-policy/create-a-cu
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/manage-custom-or-unknown-applications.htm


Question 97
Refer to the exhibit.

Which certificates can be used as a Forwarded Trust certificate?

  • A. Forward_Trust
  • B. Domain-Root-Cert
  • C. Certificate from Default Trust Certificate Authorities
  • D. Domain Sub-CA

Correct answer: D

Question 98
When using the predefined default profile, the policy will inspect for viruses on the decoders. Match each decoder with its default action.
Answer options may be used more than once or not at all.

Correct answer:

Explanation:

Question 99
How is the Forward Untrust Certificate used?

  • A. It is used for Captive Portal to identify unknown users.
  • B. It is used when web servers request a client certificate.
  • C. It issues certificates encountered on the Untrust security zone when clients attempt to connect to a site that has been decrypted.
  • D. It is presented to clients when the server they are connecting to is signed by a certificate authority that is not trusted by firewall.

Correct answer: D

Question 100
A company hosts a publicly accessible web server behind a Palo Alto Networks next-generation firewall with the following configuration information.
* Users outside the company are in the "Untrust-L3" zone
* The web server physically resides in the "Trust-L3" zone.
* Web server public IP address: 23.54.6.10
* Web server private IP address: 192.168.1.10
Which two items must the NAT policy contain to allow users in the Untrust-L3 zone to access the web server? (Choose two.)

  • A. Destination IP of 23.54.6.10
  • B. Destination IP of 192.168.1.10
  • C. Untrust-L3 for both Source and Destination zone
  • D. Untrust-L3 for Source Zone and Trust-L3 for Destination Zone

Correct answer: A,D

Question 101
Which three authentication services can an administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)

  • A. Kerberos
  • B. PAP
  • C. RADIUS
  • D. TACACS+
  • E. SAML
  • F. LDAP

Correct answer: A,E,F

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewall-administration/manage-firewall-administrat
The administrative accounts are defined on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server.
PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall. For details, see:
  • Configure SAML Authentication
  • Configure TACACS+ Authentication
  • Configure RADIUS Authentication

Question 102
When planning to configure SSL Forward Proxy on a PA 5260, a user asks how SSL decryption can be implemented using a phased approach in alignment with Palo Alto Networks best practices. What should you recommend?

  • A. Enable SSL decryption for known malicious destination IP addresses
  • B. Enable SSL decryption for malicious source users
  • C. Enable SSL decryption for source users and known malicious URL categories
  • D. Enable SSL decryption for known malicious source IP addresses

Correct answer: A

Question 103
Which CLI command displays the current management plane memory utilization?

  • A. > show system resources
  • B. > debug management-server show
  • C. > show system info
  • D. > show running resource-monitor

Correct answer: A

Explanation:
https://live.paloaltonetworks.com/t5/Management-Articles/Show-System-Resource-Command-Displays-CPU-Utilization-of-9999/ta-p/58149

Question 104
......


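Palo Alto Networks PCNSE certification exam topics:

Topic: Coverage
Topic 1
  • Improve security effectiveness and efficiency through tightly integrated innovations
Topic 2
  • Identify decryption deployment strategies
Topic 3
  • Identify methods of authorization, authentication, and device administration
Topic 4
  • Identify the appropriate interface types and configurations for a specified network deployment
Topic 5
  • Firewall
Topic 6
  • Identify application meanings in the Traffic log
Topic 7
  • Identify options for deploying a Palo Alto Networks firewall
Topic 8
  • Identify how Palo Alto Networks addresses threat detection and prevention
Topic 9
  • Scenarios for identifying firewall design implementations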
